Secure Cookie

What Does Secure Cookie Mean?

A secure cookie, also known as httpOnly cookie, is a type of cookie that only works with HTTP/HTTPS and does not work for scripting languages like JavaScript. Since it is only used in storing information and used for hypertext transfer protocol requests and data over the internet, exploits and hacks made through scripting are unable to access them. So a secure cookie’s main benefit is that it can stop theft through cross-site scripting (XSS).

Advertisements

Techopedia Explains Secure Cookie

A secure cookie always has the secure attribute activated, so it is used mostly via HTTPS and securely transmitted with encrypted connections. The httpOnly flag in the secure cookie header ensures that JavaScript or any non-HTTP methods cannot access the cookie. The cookie works through the assistance of two headers: set-cookie and cookie. The job of the set-cookie header is to create a secured cookie on the user’s system in response to a http request. While the cookie header is part of the application with an http request sent to the server to validate if there is a secure cookie that matches the domain and path requested.

The secure attribute and httpOnly flag work together to ensure that the browser is able to restrict access to the secure cookie data from malicious scripts that may have infected the browser or the network. This mitigates many of the damages that many XSS attacks can cause, specifically those that target cookies.

Advertisements

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

All Posts by Margaret Rouse

Most Popular Term

Networking

whoami Command

What is whoami? whoami is a command-line utility program for computers. It answers the question, "Who am I logged in as?" and...

Full Explanation

Margaret RouseTechnology Expert

Advertisements

Cybersecurity

Formjacking

What is Formjacking? Formjacking is the software equivalent of credit card skimming. It is a portmanteau combining "form" with part...

Full Explanation

Marshall GunnellTechnology Writer

Cybersecurity

Threat Actor

What is a Threat Actor? A threat actor is a term given to describe an entity that can potentially attack...

Full Explanation

Tim KearyTechnology Expert

Related News

dummy_img

Project Guardian: Singapore’s Plan for DeFi and Tokenization

Jinia Shawdagor10 years

dummy_img

Cloud Computing

The Top 8 Cloud Computing Podcasts

Linda Rosencrance10 years

dummy_img

Artificial Intelligence

The Rise of AI in Quantitative Finance – Mastering the Market with Math and Machines

Aayush Mittal10 yearsAI & ML Software Engineer

dummy_img

Largest BlackRock Shareholders: Who Owns the Most BLK Stock in 2023?

Indrabati Lahiri10 yearsFinancial Writer & Editor

dummy_img

Artificial Intelligence

10 Incredible Examples of AI-Generated Videos

Tim Keary10 yearsTechnology Expert

dummy_img

Featured Content

Coinbase Advanced Is the Pinnacle of Trust and Security for Those Trading Cryptocurrency – Here’s Why

Alan Draper10 yearsEditor-in-Chief

Popular Categories
Show All

Artificial Intelligence

Password Managers

Project Management